Over the past month or so we have seen an increase in phishing emails directed through the school email system. These are emails that look like they come from someone inside the school, or an official business or service, and anything you click on inside the email takes you to a professional looking (but fake) website that then asks you to login again and then collects your user name and password.
The best piece of advice we can give is to be very careful with any emails you receive, especially if they have links and images inside them or there is some kind of request for money or gift cards. Think about the kinds of email you normally receive and who you receive email from. And never click a link or image and then reenter your username and password into a website you are not 100% sure about.
In addition, here are a few things you can look out for in the emails you receive to check if they are real:
- Spoofed Email Addresses
Always double-check the actual email address you are replying to. In Gmail you can double-click on the name in the To: field to see the full email address. Also we have turned on a few security features within Gmail so if the email address is someone outside of Hebron Academy you will get this message on your screen:
2. Mismatched links
A link in a phishing message will often appear to be perfectly valid but if you hover your mouse over the top of the link, you should see the actual linked address. If the hyperlinked address is different from the address that is displayed in the email, the message is probably fraudulent or malicious.
3. Embedded images
A lot of phishing emails contain embedded images that you can click on. As above, if you hover over the image the website it is linked to will display. Does the link make sense to you? Is it linking to a correct .com address that you regularly use?
4. Content from services you have not used before
Emails from companies such a DocuSign complete with legal disclaimers and logos can look very official. But think about whether you have ever used or heard of this service before, and how people usually share information with you. Most documents shared between faculty and students is either done through Google Drive or just regular attachments.
5. Poor spelling, grammar or formatting
If the text of the email (both subject and body text) has noticeable spelling and grammatical errors, or formatting issues, then the email is likely to be malicious. Especially look out for all caps or different font styles and colors.
6. No message context
If you receive an email that is vague in what the message is about be very wary of the content. Most emails you receive should at least mention you by name or explain in some detail what the content is about and what the attachment/link/image is for.
Here is a good example of such a message that is fraudulent but looks to be a Google Docs file link:
Notice the poor formatting of the document title with extra spaces and the incorrect use of Analyse instead of Analysis. And in the actual email the link was to a http://tinyurl.com address instead of http://docs.google.com/. The email subject was also in all caps.
If you do receive an email and you aren’t sure about whether it is real or not please contact the Tech Office.